From b598c558281d4311cca207c1765d85b6b639fc92 Mon Sep 17 00:00:00 2001 From: Marco Maurer Date: Wed, 22 May 2024 22:14:08 +0200 Subject: [PATCH 1/6] docs(redis-ha): Introduce helm-docs for values documentation Signed-off-by: Marco Maurer --- charts/redis-ha/.helmignore | 25 ++ charts/redis-ha/Chart.yaml | 2 +- charts/redis-ha/README.md | 459 +++++++++++++++++-------------- charts/redis-ha/README.md.gotmpl | 242 ++++++++++++++++ charts/redis-ha/values.yaml | 410 +++++++++++++++++++-------- 5 files changed, 806 insertions(+), 332 deletions(-) create mode 100644 charts/redis-ha/.helmignore create mode 100644 charts/redis-ha/README.md.gotmpl diff --git a/charts/redis-ha/.helmignore b/charts/redis-ha/.helmignore new file mode 100644 index 0000000..ee9c40f --- /dev/null +++ b/charts/redis-ha/.helmignore @@ -0,0 +1,25 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +ci/ +*.gotmpl diff --git a/charts/redis-ha/Chart.yaml b/charts/redis-ha/Chart.yaml index 9d356b6..53e1430 100644 --- a/charts/redis-ha/Chart.yaml +++ b/charts/redis-ha/Chart.yaml @@ -5,7 +5,7 @@ keywords: - redis - keyvalue - database -version: 4.26.6 +version: 4.26.7 appVersion: 7.2.4 description: This Helm chart provides a highly available Redis implementation with a master/slave configuration and uses Sentinel sidecars for failover management icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png diff --git a/charts/redis-ha/README.md b/charts/redis-ha/README.md index 136bd98..cdf4bd4 100644 --- a/charts/redis-ha/README.md +++ b/charts/redis-ha/README.md @@ -58,217 +58,250 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the Redis chart and their default values. -| Parameter | Description | Default | -|:--------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------| -| `image.repository` | Redis image repository | `redis` | -| `image.tag` | Redis image tag | `6.2.5-alpine` | -| `image.pullPolicy` | Redis image pull policy | `IfNotPresent` | -| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | [] | -| `tag` | Redis tag | `6.2.5-alpine` | -| `replicas` | Number of redis master/slave pods | `3` | -| `podManagementPolicy` | The statefulset pod management policy | `OrderedReady` | -| `ro_replicas` | Comma separated list of slaves which never get promoted to be master. Count starts with 0. Allowed values 1-9. i.e. 3,4 - 3th and 4th redis slave never make it to be master, where master is index 0. | ``| -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the redis-ha.fullname template | -| `serviceAccount.automountToken` | Opt in/out of automounting API credentials into container | `false` | -| `serviceAnnotations` | Annotations to set on Redis HA service | `null` | -| `serviceLabels` | Labels to set on Redis HA service | `{}` | -| `rbac.create` | Create and use RBAC resources | `true` | -| `redis.port` | Port to access the redis service | `6379` | -| `redis.customCommand` | Allows overriding the redis container command | `[]` | -| `redis.customArgs` | Allows overriding the redis container arguments | `[]` | -| `redis.envFrom` | Load environment variables from ConfigMap/Secret |``| -| `redis.tlsPort` | TLS Port to access the redis service |``| -| `redis.tlsReplication` | Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf |``| -| `redis.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" |``| -| `redis.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | `30` | -| `redis.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | `15` | -| `redis.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | `15` | -| `redis.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` | -| `redis.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `5` | -| `redis.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | `30` | -| `redis.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | `15` | -| `redis.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | `15` | -| `redis.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` | -| `redis.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `5` | -| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `mymaster` | -| `redis.disableCommands` | Array with commands to disable | `["FLUSHDB","FLUSHALL"]` | -| `redis.config` | Any valid redis config options in this section will be applied to each server, For multi-value configs use list instead of string (for example loadmodule) (see below) | see values.yaml | -| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored |``| -| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | `{}` | -| `redis.lifecycle` | Container Lifecycle Hooks for redis container | see values.yaml | -| `redis.annotations` | Annotations for the redis statefulset | `{}` | -| `redis.updateStategy.type`| Update strategy for redis statefulSet | `RollingUpdate` | -| `redis.extraVolumeMounts` | Extra volume mounts for Redis container | `[]` | -| `sentinel.port` | Port to access the sentinel service | `26379` | -| `sentinel.bind` | Configure the 'bind' directive to bind to a list of network interfaces | `` | -| `sentinel.tlsPort` | TLS Port to access the sentinel service |``| -| `sentinel.tlsReplication` | Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf |``| -| `sentinel.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" |``| -| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | `30` | -| `sentinel.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | `15` | -| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | `15` | -| `sentinel.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` | -| `sentinel.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `5` | -| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | `30` | -| `sentinel.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | `15` | -| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | `15` | -| `sentinel.readinessProbe.successThreshold` | Success threshold for readiness probe | `3` | -| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `5` | -| `sentinel.auth` | Enables or disables sentinel AUTH (Requires `sentinel.password` to be set) | `false` | -| `sentinel.password` | A password that configures a `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`) |``| -| `sentinel.existingSecret` | An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`) |``| -| `sentinel.authKey` | The key holding the sentinel password in an existing secret. | `sentinel-password` | -| `sentinel.quorum` | Minimum number of servers necessary to maintain quorum | `2` | -| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | see values.yaml | -| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored |``| -| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | `{}` | -| `sentinel.lifecycle` | Container Lifecycle Hooks for sentinel container | `{}` | -| `sentinel.extraVolumeMounts` | Extra volume mounts for Sentinel container | `[]` | -| `init.resources` | CPU/Memory for init Container node resource requests/limits | `{}` | -| `auth` | Enables or disables redis AUTH (Requires `redisPassword` to be set) | `false` | -| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) |``| -| `authKey` | The key holding the redis password in an existing secret. | `auth` | -| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) |``| -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `[]` | -| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. | `true` | -| `additionalAffinities` | Additional affinities to add to the Redis server pods. | `{}` | -| `securityContext` | Security context to be added to the Redis StatefulSet. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` | -| `containerSecurityContext` | Security context to be added to the Redis containers. | `{ runAsNonRoot: true, allowPrivilegeEscalation: false, seccompProfile: { type: RuntimeDefault }, capabilities: { drop: [ "ALL" ] }` | -| `affinity` | Override all other affinity settings with a string. | `""` | -| `labels` | Labels for the Redis pod. | `{}` | -| `configmap.labels` | Labels for the Redis configmap. | `{}` | -| `configmapTest.image.repository` | Repository of the configmap shellcheck test image. | `koalaman/shellcheck` | -| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. | `v0.5.0` | -| `configmapTest.resources` | Resources for the ConfigMap tests. | `{}` | -| `persistentVolume.size` | Size for the volume | 10Gi | -| `persistentVolume.annotations` | Annotations for the volume | `{}` | -| `persistentVolume.labels` | Labels for the volume | `{}` | -| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | `{}` | -| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | `false` | -| `exporter.image` | Exporter image | `oliver006/redis_exporter` | -| `exporter.tag` | Exporter tag | `v1.27.0` | -| `exporter.port` | Exporter port | `9121` | -| `exporter.portName` | Exporter port name | `exporter-port` | -| `exporter.address` | Redis instance Hostname/Address Exists to circumvent some issues with issues in IPv6 hostname resolution | `localhost` | -| `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` | -| `exporter.extraArgs` | Additional args for the exporter | `{}` | -| `exporter.script` | A custom custom Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | | -| `exporter.serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | -| `exporter.serviceMonitor.namespace` | Namespace the service monitor is created in | `default` | -| `exporter.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` | -| `exporter.serviceMonitor.telemetryPath` | Path to redis-exporter telemetry-path | `/metrics` | -| `exporter.serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | -| `exporter.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` | -| `exporter.serviceMonitor.endpointAdditionalProperties` | Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. | `{}` | -| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | `false` | -| `haproxy.replicas` | Number of HAProxy instances | `3` | -| `haproxy.servicePort` | Modify HAProxy service port | `6379` | -| `haproxy.containerPort` | Modify HAProxy deployment container port | `6379` -| `haproxy.image.repository`| HAProxy Image Repository | `haproxy` | -| `haproxy.image.tag` | HAProxy Image Tag | `2.4.2` | -| `haproxy.image.pullPolicy`| HAProxy Image PullPolicy | `IfNotPresent` | -| `haproxy.imagePullSecrets`| Reference to one or more secrets to be used when pulling haproxy images | [] | -| `haproxy.tls.enabled` | If "true" this will enable TLS termination on haproxy | `false` -| `haproxy.tls.secretName` | Secret containing the .pem file | `""` -| `haproxy.tls.certMountPath` | Path to mount the secret that contains the certificates. haproxy | `false` -| `haproxy.tls.secretName` | Secret containing the .pem file | `""` -| `haproxy.annotations` | HAProxy template annotations | `{}` | -| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten |``| -| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg |``| -| `haproxy.resources` | HAProxy resources | `{}` | -| `haproxy.emptyDir` | Configuration of `emptyDir` | `{}` | -| `haproxy.labels` | Labels for the HAProxy pod | `{}` | -| `haproxy.serviceAccountName`| HAProxy serviceAccountName | `default` -| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | `ClusterIP` | -| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | not set | -| `haproxy.image.serviceAccountName`| HAProxy serviceAccountName | `default` -| `haproxy.service.externalTrafficPolicy`| HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer) | not set | -| `haproxy.service.annotations` | HAProxy service annotations | `{}` | -| `haproxy.service.labels` | HAProxy service labels | `{}` | -| `haproxy.service.loadBalancerIP` | HAProxy service loadbalancer IP | not set | -| `haproxy.service.externalIPs` | HAProxy external IPs | `{}` | -| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. | `false` | -| `haproxy.hapreadport.enable` | Enable a read only port for redis slaves | `false` | -| `haproxy.hapreadport.port` | Haproxy port for read only redis slaves | `6380` | -| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | `false` | -| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | `9101` | -| `haproxy.metrics.portName` | HAProxy metrics scraping port name | `http-exporter-port` | -| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping port | `/metrics` | -| `haproxy.metrics.serviceMonitor.enabled` | Use servicemonitor from prometheus operator for HAProxy metrics | `false` | -| `haproxy.metrics.serviceMonitor.namespace` | Namespace the service monitor for HAProxy metrics is created in | `default` | -| `haproxy.metrics.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` | -| `haproxy.metrics.serviceMonitor.telemetryPath` | Path to HAProxy metrics telemetry-path | `/metrics` | -| `haproxy.metrics.serviceMonitor.labels` | Labels for the HAProxy metrics servicemonitor passed to Prometheus Operator | `{}` | -| `haproxy.metrics.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` | -| `haproxy.metrics.serviceMonitor.endpointAdditionalProperties` | Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. | `{}` | -| `haproxy.init.resources` | Extra init resources | `{}` | -| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | `4s` | -| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | `30s` | -| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | `30s` | -| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | `2s` | -| `haproxy.checkInterval` | haproxy.cfg `check inter` setting | `1s` | -| `haproxy.checkFall` | haproxy.cfg `check fall` setting | `1` | -| `haproxy.priorityClassName` | priorityClassName for `haproxy` deployment | not set | -| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | `{runAsUser: 99, fsGroup: 99, runAsNonRoot: true}` | -| `haproxy.containerSecurityContext` | Security context to be added to the HAProxy containers. | `{ runAsNonRoot: true, allowPrivilegeEscalation: false, seccompProfile: { type: RuntimeDefault }, capabilities: { drop: [ "ALL" ] }` | -| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. | `true` | -| `haproxy.affinity` | Override all other haproxy affinity settings with a string. | `""` | -| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy server pods. | `{}` | -| `haproxy.tests.resources` | Pod resources for the tests against HAProxy. | `{}` | -| `haproxy.IPv6.enabled` | Disables certain binding options to support non-IPv6 environments. | `true` | -| `networkPolicy.enabled` | Create NetworkPolicy for Haproxy pods |`false`| -| `networkPolicy.labels` | Labels for Haproxy NetworkPolicy |`{}`| -| `networkPolicy.annotations` | Annotations for Haproxy NetworkPolicy |`{}`| -| `networkPolicy.ingressRules[].selectors` | Label selector query to define resources for this ingress rule |`[]`| -| `networkPolicy.ingressRules[].ports` | The destination ports for the ingress rule |`[{port: redis.port, protocol: TCP}, {port: sentinel.port, protocol: TCP}]`| -| `networkPolicy.egressRules[].selectors` | Label selector query to define resources for this egress rule |`[]`| -| `networkPolicy.egressRules[].ports` | The destination ports for the egress rule |``| -| `podDisruptionBudget` | Pod Disruption Budget rules | `{}` | -| `nameOverride` | Override the chart name | `""` | -| `fullnameOverride` | Fully override the release name and chart name | `""` | -| `priorityClassName` | priorityClassName for `redis-ha-statefulset` | not set | -| `hostPath.path` | Use this path on the host for data storage | not set | -| `hostPath.chown` | Run an init-container as root to set ownership on the hostPath | `true` | -| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | `false` | -| `sysctlImage.command` | sysctlImage command to execute | [] | -| `sysctlImage.registry` | sysctlImage Init container registry | `docker.io` | -| `sysctlImage.repository` | sysctlImage Init container name | `busybox` | -| `sysctlImage.tag` | sysctlImage Init container tag | `1.31.1` | -| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `Always` | -| `sysctlImage.mountHostSys`| Mount the host `/sys` folder to `/host-sys` | `false` | -| `sysctlImage.resources` | sysctlImage resources | `{}` | -| `schedulerName` | Alternate scheduler name | `nil` | -| `tls.secretName` | The name of secret if you want to use your own TLS certificates. The secret should contains keys named by "tls.certFile" - the certificate, "tls.keyFile" - the private key, "tls.caCertFile" - the certificate of CA and "tls.dhParamsFile" - the dh parameter file | ``| -| `tls.certFile` | Name of certificate file | `redis.crt` | -| `tls.keyFile` | Name of key file | `redis.key` | -| `tls.dhParamsFile` | Name of Diffie-Hellman (DH) key exchange parameters file |`` | -| `tls.caCertFile` | Name of CA certificate file | `ca.crt` | -| `restore.s3.source` | Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb | `false` | -| `restore.existingSecret` | Set to true to use existingSecret for the AWS S3 or SSH credentials | `false` | -| `topologySpreadConstraints.enabled` | Enable topology spread constraints |`false`| -| `topologySpreadConstraints.maxSkew` | Max skew of pods tolerated |`1`| -| `topologySpreadConstraints.topologyKey` | Topology key for spread |`topology.kubernetes.io/zone`| -| `topologySpreadConstraints.whenUnsatisfiable` | Enforcement policy, hard or soft |`ScheduleAnyway`| -| `restore.s3.access_key` | Restore init container - AWS AWS_ACCESS_KEY_ID to access restore.s3.source |``| -| `restore.s3.secret_key` | Restore init container - AWS AWS_SECRET_ACCESS_KEY to access restore.s3.source |``| -| `restore.s3.region` | Restore init container - AWS AWS_REGION to access restore.s3.source |``| -| `restore.ssh.source` | Restore init container - SSH scp location of dump - i.e. user@server:/path/dump.rdb | `false` | -| `restore.ssh.key` | Restore init container - SSH private key to scp restore.ssh.source to init container. Key should be in one line separated with \n. i.e. -----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY----- |`` | -| `extraContainers` | Extra containers to include in StatefulSet |`[]`| -| `extraInitContainers` | Extra init containers to include in StatefulSet |`[]`| -| `extraVolumes` | Extra volumes to include in StatefulSet |`[]`| -| `extraLabels` | Labels that should be applied to all created resources |`{}`| -| `networkPolicy.enabled` | Create NetworkPolicy for Redis StatefulSet pods |`false`| -| `networkPolicy.labels` | Labels for NetworkPolicy |`{}`| -| `networkPolicy.annotations` | Annotations for NetworkPolicy |`{}`| -| `networkPolicy.ingressRules[].selectors` | Label selector query to define resources for this ingress rule |`[]`| -| `networkPolicy.ingressRules[].ports` | The destination ports for the ingress rule |`[{port: redis.port, protocol: TCP}, {port: sentinel.port, protocol: TCP}]`| -| `networkPolicy.egressRules[].selectors` | Label selector query to define resources for this egress rule |`[]`| -| `networkPolicy.egressRules[].ports` | The destination ports for the egress rule |``| -| `splitBrainDetection.interval` | Interval between redis sentinel and server split brain checks (in seconds) |`60`| -| `splitBrainDetection.resources` | splitBrainDetection resources |`{}`| +### General parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `additionalAffinities` | Additional affinities to add to the Redis server pods. | object | `{}` | +| `affinity` | Override all other affinity settings for the Redis server pods with a string. | string | `""` | +| `auth` | Configures redis with AUTH (requirepass & masterauth conf params) | bool | `false` | +| `authKey` | Defines the key holding the redis password in existing secret. | string | `"auth"` | +| `configmap.labels` | Custom labels for the redis configmap | object | `{}` | +| `configmapTest.image.repository` | Repository of the configmap shellcheck test image. | string | `"koalaman/shellcheck"` | +| `configmapTest.image.tag` | Tag of the configmap shellcheck test image. | string | `"v0.5.0"` | +| `configmapTest.resources` | Resources for the ConfigMap test pod | object | `{}` | +| `containerSecurityContext` | Security context to be added to the Redis containers. | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` | +| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | object | `{}` | +| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) | string | `nil` | +| `extraContainers` | Extra containers to include in StatefulSet | list | `[]` | +| `extraInitContainers` | Extra init containers to include in StatefulSet | list | `[]` | +| `extraLabels` | Labels added here are applied to all created resources | object | `{}` | +| `extraVolumes` | Extra volumes to include in StatefulSet | list | `[]` | +| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. | bool | `true` | +| `hostPath.chown` | if chown is true, an init-container with root permissions is launched to change the owner of the hostPath folder to the user defined in the security context | bool | `true` | +| `hostPath.path` | Use this path on the host for data storage. path is evaluated as template so placeholders are replaced | string | `""` | +| `image.pullPolicy` | Redis image pull policy | string | `"IfNotPresent"` | +| `image.repository` | Redis image repository | string | `"public.ecr.aws/docker/library/redis"` | +| `image.tag` | Redis image tag | string | `"7.2.4-alpine"` | +| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | list | `[]` | +| `init.resources` | Extra init resources | object | `{}` | +| `labels` | Custom labels for the redis pod | object | `{}` | +| `networkPolicy.annotations` | Annotations for NetworkPolicy | object | `{}` | +| `networkPolicy.egressRules` | user can define egress rules too, uses the same structure as ingressRules | list | `[]` | +| `networkPolicy.enabled` | whether NetworkPolicy for Redis StatefulSets should be created. when enabled, inter-Redis connectivity is created | bool | `false` | +| `networkPolicy.ingressRules` | User defined ingress rules that Redis should permit into. Uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | list | `[]` | +| `networkPolicy.labels` | Labels for NetworkPolicy | object | `{}` | +| `nodeSelector` | Node labels for pod assignment | object | `{}` | +| `persistentVolume.accessModes` | Persistent volume access modes | list | `["ReadWriteOnce"]` | +| `persistentVolume.annotations` | Annotations for the volume | object | `{}` | +| `persistentVolume.enabled` | Enable persistent volume | bool | `true` | +| `persistentVolume.labels` | Labels for the volume | object | `{}` | +| `persistentVolume.size` | Persistent volume size | string | `"10Gi"` | +| `persistentVolume.storageClass` | redis-ha data Persistent Volume Storage Class | string | `nil` | +| `podDisruptionBudget` | Pod Disruption Budget rules | object | `{}` | +| `podManagementPolicy` | The statefulset pod management policy | string | `"OrderedReady"` | +| `priorityClassName` | Kubernetes priorityClass name for the redis-ha-server pod | string | `""` | +| `rbac.create` | Create and use RBAC resources | bool | `true` | +| `redis.annotations` | Annotations for the redis statefulset | object | `{}` | +| `redis.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" | string | `""` | +| `redis.config` | Any valid redis config options in this section will be applied to each server, For multi-value configs use list instead of string (for example loadmodule) (see below) | object | see values.yaml | +| `redis.customArgs` | Allows overriding the redis container arguments | list | `[]` | +| `redis.customCommand` | Allows overriding the redis container command | list | `[]` | +| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored | string | `nil` | +| `redis.disableCommands` | Array with commands to disable | list | `["FLUSHDB","FLUSHALL"]` | +| `redis.envFrom` | Load environment variables from ConfigMap/Secret | list | `[]` | +| `redis.extraVolumeMounts` | additional volumeMounts for Redis container | list | `[]` | +| `redis.lifecycle` | Container Lifecycle Hooks for redis container Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | see values.yaml | +| `redis.livenessProbe.failureThreshold` | Failure threshold for liveness probe | int | `5` | +| `redis.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | int | `30` | +| `redis.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` | +| `redis.livenessProbe.successThreshold` | Success threshold for liveness probe | int | `1` | +| `redis.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | int | `15` | +| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | string | `"mymaster"` | +| `redis.port` | Port to access the redis service | int | `6379` | +| `redis.readinessProbe.failureThreshold` | Failure threshold for readiness probe | int | `5` | +| `redis.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | int | `30` | +| `redis.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` | +| `redis.readinessProbe.successThreshold` | Success threshold for readiness probe | int | `1` | +| `redis.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | int | `15` | +| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | object | `{}` | +| `redis.terminationGracePeriodSeconds` | Increase terminationGracePeriodSeconds to allow writing large RDB snapshots. (k8s default is 30s) ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced | int | `60` | +| `redis.tlsPort` | TLS Port to access the redis service | int | `nil` | +| `redis.tlsReplication` | Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf | bool | `nil` | +| `redis.updateStrategy` | Update strategy for Redis StatefulSet | object | `{"type":"RollingUpdate"}` | +| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) | string | `nil` | +| `replicas` | Number of redis master/slave | int | `3` | +| `restore.existingSecret` | Set existingSecret to true to use secret specified in existingSecret above | bool | `false` | +| `restore.s3.access_key` | Restore init container - AWS AWS_ACCESS_KEY_ID to access restore.s3.source | string | `""` | +| `restore.s3.region` | Restore init container - AWS AWS_REGION to access restore.s3.source | string | `""` | +| `restore.s3.secret_key` | Restore init container - AWS AWS_SECRET_ACCESS_KEY to access restore.s3.source | string | `""` | +| `restore.s3.source` | Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb | string | `""` | +| `restore.ssh.key` | Restore init container - SSH private key to scp restore.ssh.source to init container. Key should be in one line separated with \n. i.e. `-----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY-----` | string | `""` | +| `restore.ssh.source` | Restore init container - SSH scp location of dump - i.e. user@server:/path/dump.rdb | string | `""` | +| `restore.timeout` | Timeout for the restore | int | `600` | +| `ro_replicas` | Comma separated list of slaves which never get promoted to be master. Count starts with 0. Allowed values 1-9. i.e. 3,4 - 3th and 4th redis slave never make it to be master, where master is index 0. | string | `""` | +| `schedulerName` | Use an alternate scheduler, e.g. "stork". ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | string | `""` | +| `securityContext` | Security context to be added to the Redis StatefulSet. | object | `{"fsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` | +| `serviceAccount.automountToken` | opt in/out of automounting API credentials into container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | bool | `false` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | bool | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the redis-ha.fullname template | string | `""` | +| `serviceLabels` | Custom labels for redis service | object | `{}` | +| `splitBrainDetection.interval` | Interval between redis sentinel and server split brain checks (in seconds) | int | `60` | +| `splitBrainDetection.resources` | splitBrainDetection resources | object | `{}` | +| `sysctlImage.command` | sysctlImage command to execute | list | `[]` | +| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | bool | `false` | +| `sysctlImage.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | bool | `false` | +| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | string | `"Always"` | +| `sysctlImage.registry` | sysctlImage Init container registry | string | `"public.ecr.aws/docker/library"` | +| `sysctlImage.repository` | sysctlImage Init container name | string | `"busybox"` | +| `sysctlImage.resources` | sysctlImage resources | object | `{}` | +| `sysctlImage.tag` | sysctlImage Init container tag | string | `"1.34.1"` | +| `tls.caCertFile` | Name of CA certificate file | string | `"ca.crt"` | +| `tls.certFile` | Name of certificate file | string | `"redis.crt"` | +| `tls.dhParamsFile` | Name of Diffie-Hellman (DH) key exchange parameters file | string | `nil` | +| `tls.keyFile` | Name of key file | string | `"redis.key"` | +| `topologySpreadConstraints.enabled` | Enable topology spread constraints | bool | `false` | +| `topologySpreadConstraints.maxSkew` | Max skew of pods tolerated | string | `""` | +| `topologySpreadConstraints.topologyKey` | Topology key for spread constraints | string | `""` | +| `topologySpreadConstraints.whenUnsatisfiable` | Enforcement policy, hard or soft | string | `""` | + +### Redis Sentinel parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `sentinel.auth` | Enables or disables sentinel AUTH (Requires `sentinel.password` to be set) | bool | `false` | +| `sentinel.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" | string | `""` | +| `sentinel.authKey` | The key holding the sentinel password in an existing secret. | string | `"sentinel-password"` | +| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | object | see values.yaml | +| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored | string | `""` | +| `sentinel.existingSecret` | An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`) | string | `""` | +| `sentinel.extraVolumeMounts` | additional volumeMounts for Sentinel container | list | `[]` | +| `sentinel.lifecycle` | Container Lifecycle Hooks for sentinel container. Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | `{}` | +| `sentinel.livenessProbe.failureThreshold` | Failure threshold for liveness probe | int | `5` | +| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | int | `30` | +| `sentinel.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` | +| `sentinel.livenessProbe.successThreshold` | Success threshold for liveness probe | int | `1` | +| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | int | `15` | +| `sentinel.password` | A password that configures a `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`) | string | `nil` | +| `sentinel.port` | Port to access the sentinel service | int | `26379` | +| `sentinel.quorum` | Minimum number of servers necessary to maintain quorum | int | `2` | +| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readiness probe | int | `5` | +| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | int | `30` | +| `sentinel.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` | +| `sentinel.readinessProbe.successThreshold` | Success threshold for readiness probe | int | `3` | +| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | int | `15` | +| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | object | `{}` | +| `sentinel.tlsPort` | TLS Port to access the sentinel service | int | `nil` | +| `sentinel.tlsReplication` | Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf | bool | `nil` | + +### HAProxy parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `haproxy.IPv6.enabled` | Enable HAProxy parameters to bind and consume IPv6 addresses. Enabled by default. | bool | `true` | +| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy pods. | object | `{}` | +| `haproxy.affinity` | Override all other affinity settings for the haproxy pods with a string. | string | `""` | +| `haproxy.annotations` | HAProxy template annotations | object | `{}` | +| `haproxy.checkFall` | haproxy.cfg `check fall` setting | int | `1` | +| `haproxy.checkInterval` | haproxy.cfg `check inter` setting | string | `"1s"` | +| `haproxy.containerPort` | Modify HAProxy deployment container port | int | `6379` | +| `haproxy.containerSecurityContext` | Security context to be added to the HAProxy containers. | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | +| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten | string | `nil` | +| `haproxy.deploymentStrategy` | Deployment strategy for the haproxy deployment | object | `{"type":"RollingUpdate"}` | +| `haproxy.emptyDir` | Configuration of `emptyDir` | object | `{}` | +| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | bool | `false` | +| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg | string | `nil` | +| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. | bool | `true` | +| `haproxy.image.pullPolicy` | HAProxy Image PullPolicy | string | `"IfNotPresent"` | +| `haproxy.image.repository` | HAProxy Image Repository | string | `"public.ecr.aws/docker/library/haproxy"` | +| `haproxy.image.tag` | HAProxy Image Tag | string | `"2.9.4-alpine"` | +| `haproxy.imagePullSecrets` | Reference to one or more secrets to be used when pulling images ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | list | `[]` | +| `haproxy.init.resources` | Extra init resources | object | `{}` | +| `haproxy.labels` | Custom labels for the haproxy pod | object | `{}` | +| `haproxy.lifecycle` | Container lifecycle hooks. Ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ | object | `{}` | +| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | bool | `false` | +| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | int | `9101` | +| `haproxy.metrics.portName` | HAProxy metrics scraping port name | string | `"http-exporter-port"` | +| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping path | string | `"/metrics"` | +| `haproxy.metrics.serviceMonitor.enabled` | When set true then use a ServiceMonitor to configure scraping | bool | `false` | +| `haproxy.metrics.serviceMonitor.endpointAdditionalProperties` | Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. | object | `{}` | +| `haproxy.metrics.serviceMonitor.interval` | Set how frequently Prometheus should scrape | string | `""` | +| `haproxy.metrics.serviceMonitor.labels` | Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator | object | `{}` | +| `haproxy.metrics.serviceMonitor.namespace` | Set the namespace the ServiceMonitor should be deployed | string | `.Release.Namespace` | +| `haproxy.metrics.serviceMonitor.telemetryPath` | Set path to redis-exporter telemtery-path | string | `""` | +| `haproxy.metrics.serviceMonitor.timeout` | Set timeout for scrape | string | `""` | +| `haproxy.networkPolicy.annotations` | Annotations for Haproxy NetworkPolicy | object | `{}` | +| `haproxy.networkPolicy.egressRules` | user can define egress rules too, uses the same structure as ingressRules | list | `[]` | +| `haproxy.networkPolicy.enabled` | whether NetworkPolicy for Haproxy should be created | bool | `false` | +| `haproxy.networkPolicy.ingressRules` | user defined ingress rules that Haproxy should permit into. uses the format defined in https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors | list | `[]` | +| `haproxy.networkPolicy.labels` | Labels for Haproxy NetworkPolicy | object | `{}` | +| `haproxy.podDisruptionBudget` | Pod Disruption Budget ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ | object | `{}` | +| `haproxy.priorityClassName` | Kubernetes priorityClass name for the haproxy pod | string | `""` | +| `haproxy.readOnly.enabled` | Enable if you want a dedicated port in haproxy for redis-slaves | bool | `false` | +| `haproxy.readOnly.port` | Port for the read-only redis-slaves | int | `6380` | +| `haproxy.replicas` | Number of HAProxy instances | int | `3` | +| `haproxy.resources` | HAProxy resources | object | `{}` | +| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | object | `{"fsGroup":99,"runAsNonRoot":true,"runAsUser":99}` | +| `haproxy.service.annotations` | HAProxy service annotations | string | `nil` | +| `haproxy.service.externalIPs` | HAProxy external IPs | object | `{}` | +| `haproxy.service.externalTrafficPolicy` | HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer) | string | `nil` | +| `haproxy.service.labels` | HAProxy service labels | object | `{}` | +| `haproxy.service.loadBalancerIP` | HAProxy service loadbalancer IP | string | `nil` | +| `haproxy.service.loadBalancerSourceRanges` | List of CIDR's allowed to connect to LoadBalancer | list | `[]` | +| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | int | `nil` | +| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | string | `"ClusterIP"` | +| `haproxy.serviceAccount.create` | Specifies whether a ServiceAccount should be created | bool | `true` | +| `haproxy.serviceAccountName` | HAProxy serviceAccountName | string | `"redis-sa"` | +| `haproxy.servicePort` | Modify HAProxy service port | int | `6379` | +| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. | bool | `false` | +| `haproxy.tests.resources` | Pod resources for the tests against HAProxy. | object | `{}` | +| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | string | `"2s"` | +| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | string | `"330s"` | +| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | string | `"4s"` | +| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | string | `"330s"` | +| `haproxy.tls.certMountPath` | Path to mount the secret that contains the certificates. haproxy | string | `"/tmp/"` | +| `haproxy.tls.enabled` | If "true" this will enable TLS termination on haproxy | bool | `false` | +| `haproxy.tls.keyName` | Key file name | string | `nil` | +| `haproxy.tls.secretName` | Secret containing the .pem file | string | `""` | + +### Prometheus exporter parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +| `exporter.address` | Address/Host for Redis instance. Exists to circumvent issues with IPv6 dns resolution that occurs on certain environments | string | `"localhost"` | +| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | bool | `false` | +| `exporter.extraArgs` | Additional args for redis exporter | object | `{}` | +| `exporter.image` | Exporter image | string | `"oliver006/redis_exporter"` | +| `exporter.livenessProbe.httpGet.path` | Exporter liveness probe httpGet path | string | `"/metrics"` | +| `exporter.livenessProbe.httpGet.port` | Exporter liveness probe httpGet port | int | `9121` | +| `exporter.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe of exporter | int | `15` | +| `exporter.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | int | `15` | +| `exporter.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe of exporter | int | `3` | +| `exporter.port` | Exporter port | int | `9121` | +| `exporter.portName` | Exporter port name | string | `"exporter-port"` | +| `exporter.pullPolicy` | Exporter image pullPolicy | string | `"IfNotPresent"` | +| `exporter.readinessProbe.httpGet.path` | Exporter readiness probe httpGet path | string | `"/metrics"` | +| `exporter.readinessProbe.httpGet.port` | Exporter readiness probe httpGet port | int | `9121` | +| `exporter.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe of exporter | int | `15` | +| `exporter.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | int | `15` | +| `exporter.readinessProbe.successThreshold` | Success threshold for readiness probe of exporter | int | `2` | +| `exporter.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe of exporter | int | `3` | +| `exporter.resources` | cpu/memory resource limits/requests | object | `{}` | +| `exporter.scrapePath` | Exporter scrape path | string | `"/metrics"` | +| `exporter.script` | A custom custom Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | string | `""` | +| `exporter.serviceMonitor.enabled` | When set true then use a ServiceMonitor to configure scraping | bool | `false` | +| `exporter.serviceMonitor.endpointAdditionalProperties` | Set additional properties for the ServiceMonitor endpoints such as relabeling, scrapeTimeout, tlsConfig, and more. | object | `{}` | +| `exporter.serviceMonitor.interval` | Set how frequently Prometheus should scrape | string | `""` | +| `exporter.serviceMonitor.labels` | Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator | object | `{}` | +| `exporter.serviceMonitor.namespace` | Set the namespace the ServiceMonitor should be deployed | string | `.Release.Namespace` | +| `exporter.serviceMonitor.telemetryPath` | Set path to redis-exporter telemtery-path | string | `""` | +| `exporter.serviceMonitor.timeout` | Set timeout for scrape | string | `""` | +| `exporter.tag` | Exporter image tag | string | `"v1.57.0"` | +| `prometheusRule.additionalLabels` | Additional labels to be set in metadata. | object | `{}` | +| `prometheusRule.enabled` | If true, creates a Prometheus Operator PrometheusRule. | bool | `false` | +| `prometheusRule.interval` | How often rules in the group are evaluated (falls back to `global.evaluation_interval` if not set). | string | `"10s"` | +| `prometheusRule.namespace` | Namespace which Prometheus is running in. | string | `nil` | +| `prometheusRule.rules` | Rules spec template (see https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#rule). | list | `[]` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -395,7 +428,6 @@ The proposed solution is currently implemented as a sidecar container that runs If any of the checks above fails - the redis server reinitialisation happens (it regenerates configs the same way it's done during the pod init), and then the redis server is instructed to shutdown. Then kubernetes restarts the container immediately. - # Change Log ## 4.14.9 - ** POTENTIAL BREAKING CHANGE. ** @@ -409,3 +441,6 @@ This version introduced the deprecation of the PSP and subsequently added fields https://kubernetes.io/docs/tutorials/security/seccomp/ As a result, from this version onwards Kubernetes versions older than 1.19 will fail to install without the removal of `.Values.containerSecurityContext.seccompProfile` and `.Values.haproxy.containerSecurityContext.seccompProfile` (If HAProxy is enabled) + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/charts/redis-ha/README.md.gotmpl b/charts/redis-ha/README.md.gotmpl new file mode 100644 index 0000000..36e370b --- /dev/null +++ b/charts/redis-ha/README.md.gotmpl @@ -0,0 +1,242 @@ +# Redis + +[Redis](http://redis.io/) is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs. + +## TL;DR + +```bash +helm repo add dandydev https://dandydeveloper.github.io/charts +helm install dandydev/redis-ha +``` + +By default this chart install 3 pods total: + +* one pod containing a redis master and sentinel container (optional prometheus metrics exporter sidecar available) +* two pods each containing a redis slave and sentinel containers (optional prometheus metrics exporter sidecars available) + +## Introduction + +This chart bootstraps a [Redis](https://redis.io) highly available master/slave statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager. + +## Prerequisites + +* Kubernetes 1.8+ with Beta APIs enabled +* PV provisioner support in the underlying infrastructure + +## Upgrading the Chart + +Please note that there have been a number of changes simplifying the redis management strategy (for better failover and elections) in the 3.x version of this chart. These changes allow the use of official [redis](https://hub.docker.com/_/redis/) images that do not require special RBAC or ServiceAccount roles. As a result when upgrading from version >=2.0.1 to >=3.0.0 of this chart, `Role`, `RoleBinding`, and `ServiceAccount` resources should be deleted manually. + +### Upgrading the chart from 3.x to 4.x + +Starting from version `4.x` HAProxy sidecar prometheus-exporter removed and replaced by the embedded [HAProxy metrics endpoint](https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter), as a result when upgrading from version 3.x to 4.x section `haproxy.exporter` should be removed and the `haproxy.metrics` need to be configured for fit your needs. + +## Installing the Chart + +To install the chart + +```bash +helm repo add dandydev https://dandydeveloper.github.io/charts +helm install dandydev/redis-ha +``` + +The command deploys Redis on the Kubernetes cluster in the default configuration. By default this chart install one master pod containing redis master container and sentinel container along with 2 redis slave pods each containing their own sentinel sidecars. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the deployment: + +```bash +helm delete +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the Redis chart and their default values. + +### General parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if not (or (hasPrefix "haproxy" .Key) (hasPrefix "sentinel" .Key) (hasPrefix "exporter" .Key) (hasPrefix "prometheusRule" .Key) ) }} +| `{{ .Key }}` | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | + {{- end }} +{{- end }} + +### Redis Sentinel parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "sentinel" .Key }} +| `{{ .Key }}` | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | + {{- end }} +{{- end }} + +### HAProxy parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "haproxy" .Key }} +| `{{ .Key }}` | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | + {{- end }} +{{- end }} + +### Prometheus exporter parameters + +| Parameter | Description | Type | Default | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if or (hasPrefix "exporter" .Key) (hasPrefix "prometheusRule" .Key) }} +| `{{ .Key }}` | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | + {{- end }} +{{- end }} + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm repo add dandydev https://dandydeveloper.github.io/charts +$ helm install \ + --set image=redis \ + --set tag=5.0.5-alpine \ + dandydev/redis-ha +``` + +The above command sets the Redis server within `default` namespace. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +helm install -f values.yaml dandydev/redis-ha +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Custom Redis and Sentinel config options + +This chart allows for most redis or sentinel config options to be passed as a key value pair through the `values.yaml` under `redis.config` and `sentinel.config`. See links below for all available options. + +[Example redis.conf](http://download.redis.io/redis-stable/redis.conf) +[Example sentinel.conf](http://download.redis.io/redis-stable/sentinel.conf) + +For example `repl-timeout 60` would be added to the `redis.config` section of the `values.yaml` as: + +```yml + repl-timeout: "60" +``` + +Note: + +1. Some config options should be renamed by redis version,e.g.: + + ```yml + # In redis 5.x,see https://raw.githubusercontent.com/antirez/redis/5.0/redis.conf + min-replicas-to-write: 1 + min-replicas-max-lag: 5 + + # In redis 4.x and redis 3.x,see https://raw.githubusercontent.com/antirez/redis/4.0/redis.conf and https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf + min-slaves-to-write 1 + min-slaves-max-lag 5 + ``` + +Sentinel options supported must be in the the `sentinel